Re: [TLS] Summary of discussion regarding spontaneuous authentication

Santosh Chokhani <schokhani@cygnacom.com> Tue, 28 October 2014 16:56 UTC

From: Santosh Chokhani <schokhani@cygnacom.com>
To: Martin Thomson <martin.thomson@gmail.com>, Joseph Salowey <joe@salowey.net>
Date: Tue, 28 Oct 2014 16:56:53 +0000
Message-ID: <4262AC0DB9856847A2D00EF817E81139243CBD@scygexch10.cygnacom.com>
References: <CABkgnnUAhEV=wLZyTew=ne7VgSq50XYR3Fo5EfjNXc8=_hbpyg@mail.gmail.com> <CABkgnnXAk+HU2yaUJdOQ0w-heHwYrPK6Zf3HrH5tU+2Tk7_cCA@mail.gmail.com> <20141022125359.GA18704@LK-Perkele-VII> <CABkgnnW=aVzsi+cq=icpn4z9PjFuoiu_LQz_mnfeyPPom6LROQ@mail.gmail.com> <20141022132623.GA19894@LK-Perkele-VII> <CABkgnnVe3T56ia-bxgqNrpF_vXQD=T7xisrZb0Szu+L1X05+NQ@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C71D3A8C4F98@USMBX1.msg.corp.akamai.com> <CABcZeBNvtOi9UuQGdbuxvPGqZqRx+ZCw9CvMp830Dpq47WwxVg@mail.gmail.com> <CAOgPGoBMqevV6FbjtP3V_E8bsKVZAfV9rWphTAwBBOfeauZzzw@mail.gmail.com> <CABkgnnUB+6ZqJ-dUGnViSDjsLQ3ZzMUGKLTUfnR01b+qbX2Y9A@mail.gmail.com>
In-Reply-To: <CABkgnnUB+6ZqJ-dUGnViSDjsLQ3ZzMUGKLTUfnR01b+qbX2Y9A@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/GDojpXVD7Tv-LFwuoGs0rK6Klbc
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Summary of discussion regarding spontaneuous authentication

CA list has been a double-edged sword.

For cross-certified environments, some clients do not present a valid certificate when the server root and the client root are cross-certified and both parties can build valid paths.  Browser vendors have not fixed this concern.

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Martin Thomson
Sent: Tuesday, October 28, 2014 12:40 AM
To: Joseph Salowey
Cc: tls@ietf.org
Subject: Re: [TLS] Summary of discussion regarding spontaneuous authentication

On 27 October 2014 21:27, Joseph Salowey <joe@salowey.net> wrote:
> While I'm not a huge fan of the certificate authorities list, I'm not 
> sure that punting this to the application layer is the right thing to do.

Would you be interested perhaps in an optional TLS extension that allows both client and server to express something about what they are willing to consider as being authoritative?

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
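The failure Santosh describes can be made concrete with a toy model of how a client matches the server's certificate_authorities list against its own credentials. This is an added example, not code from the thread or from any TLS implementation; the CA names, the cross-certified PKI and the client chain are constructed placeholders, and certificates are reduced to (subject, issuer) name pairs instead of real X.509 data. The first selector only compares the name of the client's locally configured root against the list, which is the behaviour that silently drops the client certificate; the second builds a path through the cross-certificates, as an RFC 5280 path builder would, and finds the route to the CA the server actually named.

```python
"""Toy model of client certificate selection against a TLS CertificateRequest.

Constructed example: certificates are (subject, issuer) name pairs; a pair
whose subject and issuer are the same is a self-signed root, and a pair whose
subject is one root and whose issuer is the other is a cross-certificate.
Real implementations compare X.509 distinguished names and run full RFC 5280
path validation; this model only shows the path-building difference.
"""
from collections import deque

# Constructed cross-certified PKI (placeholder names, not from the thread).
CERTS = [
    ("alice", "Client Issuing CA"),
    ("Client Issuing CA", "Client Root"),
    ("Client Root", "Client Root"),   # self-signed client-side root
    ("Server Root", "Server Root"),   # self-signed server-side root
    ("Client Root", "Server Root"),   # cross-cert: Server Root vouches for Client Root
    ("Server Root", "Client Root"),   # cross-cert: Client Root vouches for Server Root
]

# The chain the client has locally configured, leaf first.
CLIENT_LOCAL_CHAIN = ["alice", "Client Issuing CA", "Client Root"]


def naive_select(local_chain, requested_cas):
    """Selection that only asks whether the root of the locally configured
    chain is named in certificate_authorities. With a cross-certified PKI the
    server names its own root, the client's root name does not match, and no
    certificate is sent even though a valid path exists."""
    return local_chain if local_chain[-1] in requested_cas else None


def path_building_select(leaf, certs, requested_cas, max_len=8):
    """Breadth-first search over (subject, issuer) edges, cross-certificates
    included, for a chain from the leaf to any CA named in requested_cas.
    Returns the chain (leaf first, named CA last) or None."""
    issuers_of = {}
    for subject, issuer in certs:
        issuers_of.setdefault(subject, []).append(issuer)
    queue = deque([[leaf]])
    while queue:
        path = queue.popleft()
        if path[-1] in requested_cas:
            return path
        if len(path) >= max_len:           # bound the search on odd PKIs
            continue
        for issuer in issuers_of.get(path[-1], []):
            if issuer in path:             # skip self-signed loops and cycles
                continue
            queue.append(path + [issuer])
    return None


if __name__ == "__main__":
    # The server names only its own root in the CertificateRequest.
    requested = ["Server Root"]
    print("naive:        ", naive_select(CLIENT_LOCAL_CHAIN, requested))
    print("path-building:", path_building_select("alice", CERTS, requested))
```

Running the module prints `None` for the naive selector and the four-element chain ending in "Server Root" for the path builder; with `["Client Root"]` both agree on the local chain, and with a CA nobody cross-certified both correctly return nothing. The defensive takeaway is that a client's certificate selection should treat certificate_authorities as a set of acceptable path endpoints and build toward them, not as a string match against its own trust anchor.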